Bad Rabbit also utilised EternalRomance (leaked NSA exploit targeting Microsoft SMB; patch: MS17-010)
- Ever get pop-ups saying Flash / Java, etc. needs to be updated when you browse to a site?
- “The majority of servers and websites that supported Bad Rabbit activity appear to have been shut down, just a day after reports of the ransomware campaign emerged. Bad Rabbit affected computers in Russia and Ukraine earlier this week. The malware was spread largely through watering hole attacks that pushed out phony Flash updates that execute a dropper on infected machines. According to several research firms, there is evidence that suggests Bad Rabbit may have a connection to Petya and NotPetya.” – www.sans.org/newsletters/newsbites/xix/85#304
- One more reason why we should be happy that Flash is dying – RIP

Key Reinstallation Attack
- “KRACK affects both WPA and WPA2 in both Pre-Shared Key and Enterprise modes. While the attack is damaging to clients by delivering a MiTM attack, no “official” attack tools have been seen. The methods for delivering the KRACK attack require technical expertise, rely on specific timing, and can be subject to failure due to the operation of 802.11 as a whole. Now is the time to get our “houses in order” by patching access points (APs) and clients (especially Android) when they are available, enabling robust wireless rogue AP detection, WIPS, and leveraging secure MiTM resistant protocols such as SSL/TLS and IPSEC VPNs in addition to WiFi encryption such as continued use of WPA2.” – Larry Pesce (SANS NewsBites Vol. 19 Num. 083)

What You Should Know About the ‘KRACK’ WiFi Security Weakness
- Key takeaways: “To my mind, those most at risk from this vulnerability are organizations that have not done a good job separating their wireless networks from their enterprise, wired networks.
I don’t see this becoming a major threat to most users unless and until we start seeing the availability of easy-to-use attack tools to exploit this flaw…
From reading the advisory on this flaw, it appears that the most recent versions of Windows and Apple’s iOS are either not vulnerable to this flaw or are only exposed in very specific circumstances. Android devices, on the other hand, are likely going to need some patching, and soon.” – Brian Krebs

Event: 5th CyberCon Africa – 16-17 Oct 2017, Joburg – “Africa Under Attack!”
- How prepared are we? Real-life scenarios and simulations to test and improve our readiness for large-scale cyber attacks, structured according to the NIST Cybersecurity Framework. www.cyberconafrica.org/
- “This is the definitive event for all cyber security industry professionals, which will leave delegates equipped to prepare for cyber attacks. The theme for this year is Africa Under Attack. The focus is to unite all industry sectors as well as skills and resources in order to protect Africa’s Critical Infrastructure from a large scale cyber attack. This year we are utilising a more hands on, interactive approach, with real life scenarios and simulations being played out.”

Phishing
- From SANS NewsBites Vol. 19 Num. 064: “Both the 2016 and 2017 SANS Threat Landscape Surveys found phishing, including spearphishing and whaling, was the top way threats enter organizations. While the most common response to reduce the risk is enhanced user training, technical countermeasures are also needed. Google added anti-phishing features to Gmail earlier this year and are now extending them to the mobile user…” – Neely